Hi all, I am trying to limit bandwidth use on a machine using queues. My pf.conf is:

r...@vpngw.rebehn.net [~] # cat /etc/pf.conf
#	$OpenBSD: pf.conf,v 1.53 2014/01/25 10:28:36 dtucker Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

client = "192.168.3.11"
#
# increase default state limit from 10'000 states on busy systems
#set limit states 100000

set skip on lo

queue rootq on tun0 bandwidth 100M
queue std parent rootq bandwidth 95M
queue test parent rootq bandwidth 20K, max 20K default

block return log	# block stateless traffic
pass		# establish keep-state
pass out on tun0 inet proto tcp from any port=5900 to any queue std

#block in quick from urpf-failed to any	# use with care

match out log on tun0 nat-to (tun0)
match in on em0 inet proto tcp from any to self port=5900 rdr-to $client
match out on em0 inet proto tcp from any to $client port=5900 nat-to (em0)

############################################

pfctl -sq -vv shows:

queue rootq on tun0 bandwidth 100M qlimit 50
  [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]
  [ measured: 0.0 packets/s, 0 b/s ]
queue std parent rootq on tun0 bandwidth 95M qlimit 50
  [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]
  [ measured: 0.0 packets/s, 0 b/s ]
queue test parent rootq on tun0 bandwidth 20K, max 20K default qlimit 50
  [ pkts: 5722 bytes: 5835854 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]
  [ measured: 119.5 packets/s, 1.02Mb/s ]

I have 3 questions:

- why is queue “test” allowing 1.02Mb/s although the limit is 20K?
- is it correct that the parent queue “rootq” does not show any usage?
- is queueing supposed to work at all on tun(4) devices?

# uname -a
OpenBSD vpngw.rebehn.net 5.5 GENERIC#68 amd64

System is running under VMware ESXi 5.0

TIA for any help!

Heinrich
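
Added example, not part of the original post: a small checker that parses `pfctl -sq -vv` output like the listing above and reports queues whose measured rate exceeds their configured `max`. The function names and the 10% tolerance are assumptions made for this illustration; rates are compared in bits per second, the unit pf.conf(5) uses for `bandwidth` values with K/M/G suffixes.

```python
import re

# Constructed sample: the `pfctl -sq -vv` output quoted in the post.
SAMPLE = """\
queue rootq on tun0 bandwidth 100M qlimit 50
  [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]
  [ measured: 0.0 packets/s, 0 b/s ]
queue std parent rootq on tun0 bandwidth 95M qlimit 50
  [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]
  [ measured: 0.0 packets/s, 0 b/s ]
queue test parent rootq on tun0 bandwidth 20K, max 20K default qlimit 50
  [ pkts: 5722 bytes: 5835854 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]
  [ measured: 119.5 packets/s, 1.02Mb/s ]
"""

UNITS = {"": 1, "K": 1_000, "M": 1_000_000, "G": 1_000_000_000}
RATE = r"[\d.]+\s*[KMG]?"  # e.g. "20K", "1.02M", "0 "

def to_bps(text):
    """Convert '20K', '1.02Mb/s' or '0 b/s' to bits per second."""
    m = re.fullmatch(r"([\d.]+)\s*([KMG]?)(?:b/s)?", text.strip())
    if m is None:
        raise ValueError(f"unrecognised rate: {text!r}")
    return float(m.group(1)) * UNITS[m.group(2)]

def parse_queues(output):
    """Return one dict per queue: name, bandwidth, max, default, measured."""
    queues = []
    for line in output.splitlines():
        head = re.match(rf"queue (\S+) .*?bandwidth ({RATE})(?:, max ({RATE}))?", line)
        meas = re.search(rf"measured:.*?packets/s, ({RATE}b/s)", line)
        if head:
            name, bw, mx = head.groups()
            queues.append({"name": name, "bandwidth": to_bps(bw),
                           "max": to_bps(mx) if mx else None,
                           "default": " default" in line, "measured": None})
        elif meas and queues:  # statistics line belongs to the last queue seen
            queues[-1]["measured"] = to_bps(meas.group(1))
    return queues

def over_limit(queues, tolerance=1.10):
    """Names of queues whose measured rate exceeds max by more than 10%."""
    return [q["name"] for q in queues
            if q["max"] is not None and q["measured"] is not None
            and q["measured"] > q["max"] * tolerance]

if __name__ == "__main__":
    for name in over_limit(parse_queues(SAMPLE)):
        print(f"queue {name}: measured rate exceeds configured max")
```

Queues without a `max` (here `rootq` and `std`) are never flagged, since `bandwidth` alone is not treated as an upper bound by this check.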